Credential Revocation by holder

[jjeroch]

Summary

Revocation request by the holder of the credential.
The revocation itself will be inside the revocation of the issuer since the credential status list is located inside the issuer wallet.

Details

Task: Implement Credential Revocation Interface for Customer

implement a credential revocation interface for customers. This interface will allow customers to revoke their credentials, such as frameworkAgreement or BPN, in case of security concerns or account compromise. The interface should follow the specified requirements:

1. Revocation Method: Implement a method revokeCredential that takes the customer's credential unique identifier to be revoked as input parameters.

2. Validation: Before revoking the credential, validate the customer's identity to ensure that they have the authority to revoke the credential.

• Validate customer permission
• Validate the customer jwt claim "bpn" - must be the same as the wallet instance bpn

3. Revocation Process: Once the customer's identity is validated, perform the necessary steps to revoke the credential. Details see below

---

To implement this function, we first of all need a new endpoint inside the issuer component which can get called by the holder.

Endpoint: /api/revocation/credentials/{credentialId}
HTTP Method: POST
Authority: revoce_credential
Validation:
the endpoint can get called by the holder to revoke the credential

1. validate if the holder calling the credential revocation is the holder
2. validate if the credential is revocable (active)

• if "yes" proceed
• if "no" repsonse "already done"

3. run the revocation process on the wallet side (details see below)
4. with the response of success (from the wallet side); take the following updates

• set the document inside the documents table to "INACTIVE"
• set the credential request inside the ssi_details table to "REVOKED"

The new API Endpoint should support following responses:

• Status Code: 200 OK
• Status Code: 401 Unauthorized (if authentication fails)
• Status Code: 403 Forbidden (if authorization fails)
• Status Code: 404 Not Found (if credential id is not found)
• Status Code: 500 Internal Server Error (for any other server-side errors)

DIM WALLET REVOCATION

Endpoint: /api/v2.0.0/credentials/{credentialId}

HTTP Method: PATCH

Request Headers:

• Content-Type: application/json
• Authorization: Bearer [access_token] (for authentication and authorization)

Request Body:

{
  "payload": {
    "update": {
      "name": "???",
      "description": "revoke",
      "credentialSubject": {
        "id": "???",
        "email": "???"
      }
    }
  }
}

MANDATORY TEST:
try to revoke a credential by the holder of another customer